Privacy Policy

for Tobago‑Carnival.com
Effective Date: July 14, 2025

Data Controller:
Caribbean Carnival Connection

Gilla Braek

Riemenschneiderweg 55

12157 Berlin

Email: privacy@tobago‑carnival.com

1. Scope & Legal Framework
We respect your privacy and process personal data in accordance with:

  • EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)
  • German Federal Data Protection Act (BDSG‑neu)
  • Telecommunications‑Telemedia Data Protection Act (TTDSG)

This policy applies whenever you visit or interact with www.tobago‑carnival.com.

2. Data We Collect

2.1 Voluntarily Provided Data

  • Contact & registration details (name, email, postal address, telephone) when you sign up for our newsletter, create an account, or send inquiries.
  • Payment information (bank or credit‑card details) processed by our certified payment provider; we do not store this on our servers.

2.2 Automatically Collected Data

  • Technical details (IP address, browser type/version, device type, operating system, timestamps).
  • Usage data (pages visited, click behavior, referrer URLs).
  • Cookies and similar technologies, including:
    • Essential cookies (strictly necessary for site operation)
    • Functional cookies (save your preferences)
    • Analytics cookies (collect anonymized usage statistics upon consent)

3. Purposes of Processing & Legal Bases
We process your data for the following purposes, based on the corresponding legal grounds under Article 6 GDPR and, where applicable, the BDSG or TTDSG:

  1. Website operation, maintenance & security
    • Legal basis: Legitimate interests (Art. 6 (1)(f) GDPR)
  2. Account registration & management
    • Legal basis: Performance of a contract (Art. 6 (1)(b) GDPR)
  3. Order processing & payment
    • Legal basis: Performance of a contract (Art. 6 (1)(b) GDPR)
  4. Newsletters and marketing communications
    • Legal basis: Consent (Art. 6 (1)(a) GDPR; § 25 BDSG)
  5. Analytics and site‑improvement measures
    • Legal basis: Consent for non‑essential cookies (Art. 6 (1)(a) GDPR; TTDSG § 25)
  6. Compliance with legal obligations (e.g., tax retention rules)
    • Legal basis: Legal obligation (Art. 6 (1)(c) GDPR)

4. Cookies & Consent
Under the TTDSG, we obtain opt‑in consent before placing non‑essential cookies. On your first visit, our banner lets you:

  • Accept all cookies
  • Reject non‑essential cookies
  • Customize your preferences

You can change or withdraw consent at any time via the “Cookie Settings” link in the footer.

5. Data Sharing & International Transfers
We may share personal data with:

  • Service providers (e.g., hosting, payment, email, analytics) under EU Standard Contractual Clauses
  • Authorities when required by law or court order
  • Business partners in the event of a merger or sale, under confidentiality agreements

No personal data is transferred outside the EEA without appropriate safeguards (e.g., EU Standard Contractual Clauses).

6. Data Retention
We retain personal data only as long as necessary for the original purpose, plus any statutory retention periods (e.g., 10 years for tax records in Germany). After that, data is securely deleted or irreversibly anonymized.

7. Your Rights
Under the GDPR, you have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate or incomplete data (Art. 16)
  • Erase data (“right to be forgotten”) under certain conditions (Art. 17)
  • Restrict processing (Art. 18)
  • Object to processing based on legitimate interests or direct marketing (Art. 21)
  • Data portability (Art. 20)
  • Withdraw consent at any time (Art. 7)

To exercise any of these rights, please contact us at privacy@tobago‑carnival.com. You also have the right to lodge a complaint with a supervisory authority, such as the BfDI in Bonn.

8. Children’s Data
We do not knowingly collect data from children under 16. If you believe we have inadvertently done so, please contact us and we will delete it immediately.

9. Security
We implement appropriate technical and organizational measures (e.g., encryption, access controls, staff training) to protect your data against unauthorized access, alteration, or destruction (Art. 32 GDPR).

10. Changes to This Policy
We may update this policy to reflect legal or operational changes. The Effective Date at the top will be revised accordingly. Material changes will be communicated to registered users via email.

11. Data Protection Officer (DPO)
If required under Art. 37 GDPR, our DPO is:
Gila Braek
Email: privacy@tobago‑carnival.com
Phone: +49 15152651170

Thank you for trusting Tobago‑Carnival.com. We are committed to keeping your data safe and fully compliant with German and EU law.